Context Navigation

source: branches/branch-1_5/admin/configuration.php @ 1003

Last change on this file since 1003 was 1003, checked in by nikrou, 18 years ago

Improve security of sessions:

use only cookies to store session id on client side
use default php session system with database handler to store sessions on server side

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 8.8 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-01-15 12:52:55 +0000 (Sun, 15 Jan 2006) $
10	// \| last modifier : $Author: nikrou $
11	// \| revision : $Revision: 1003 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if( !defined("PHPWG_ROOT_PATH") )
29	{
30	die ("Hacking attempt!");
31	}
32
33	include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
34	//-------------------------------------------------------- sections definitions
35	if (!isset($_GET['section']))
36	{
37	$page['section'] = 'general';
38	}
39	else
40	{
41	$page['section'] = $_GET['section'];
42	}
43	//------------------------------------------------------ $conf reinitialization
44	$result = pwg_query('SELECT param,value FROM '.CONFIG_TABLE);
45	while ($row = mysql_fetch_array($result))
46	{
47	$conf[$row['param']] = $row['value'];
48	// if the parameter is present in $_POST array (if a form is submited), we
49	// override it with the submited value
50	if (isset($_POST[$row['param']]))
51	{
52	$conf[$row['param']] = $_POST[$row['param']];
53	}
54	}
55	//------------------------------ verification and registration of modifications
56	if (isset($_POST['submit']))
57	{
58	$int_pattern = '/^\d+$/';
59	switch ($page['section'])
60	{
61	case 'general' :
62	{
63	break;
64	}
65	case 'comments' :
66	{
67	// the number of comments per page must be an integer between 5 and 50
68	// included
69	if (!preg_match($int_pattern, $_POST['nb_comment_page'])
70	or $_POST['nb_comment_page'] < 5
71	or $_POST['nb_comment_page'] > 50)
72	{
73	array_push($page['errors'], $lang['conf_nb_comment_page_error']);
74	}
75	break;
76	}
77	case 'default' :
78	{
79	// periods must be integer values, they represents number of days
80	if (!preg_match($int_pattern, $_POST['recent_period'])
81	or $_POST['recent_period'] <= 0)
82	{
83	array_push($page['errors'], $lang['periods_error']);
84	}
85	// maxwidth
86	if (isset($_POST['default_maxwidth'])
87	and !empty($_POST['default_maxwidth'])
88	and (!preg_match($int_pattern, $_POST['default_maxwidth'])
89	or $_POST['default_maxwidth'] < 50))
90	{
91	array_push($page['errors'], $lang['maxwidth_error']);
92	}
93	// maxheight
94	if (isset($_POST['default_maxheight'])
95	and !empty($_POST['default_maxheight'])
96	and (!preg_match($int_pattern, $_POST['default_maxheight'])
97	or $_POST['default_maxheight'] < 50))
98	{
99	array_push($page['errors'], $lang['maxheight_error']);
100	}
101	break;
102	}
103	}
104
105	// updating configuration if no error found
106	if (count($page['errors']) == 0)
107	{
108	// echo '<pre>'; print_r($_POST); echo '</pre>';
109	$result = pwg_query('SELECT * FROM '.CONFIG_TABLE);
110	while ($row = mysql_fetch_array($result))
111	{
112	if (isset($_POST[$row['param']]))
113	{
114	$value = $_POST[$row['param']];
115
116	if ('gallery_title' == $row['param']
117	or 'gallery_description' == $row['param'])
118	{
119	if (!$conf['allow_html_descriptions'])
120	{
121	$value = strip_tags($value);
122	}
123	}
124
125	$query = '
126	UPDATE '.CONFIG_TABLE.'
127	SET value = \''. str_replace("\'", "''", $value).'\'
128	WHERE param = \''.$row['param'].'\'
129	;';
130	pwg_query($query);
131	}
132	}
133	array_push($page['infos'], $lang['conf_confirmation']);
134	}
135	}
136
137	//----------------------------------------------------- template initialization
138	$template->set_filenames( array('config'=>'admin/configuration.tpl') );
139
140	$action = PHPWG_ROOT_PATH.'admin.php?page=configuration';
141	$action.= '&section='.$page['section'];
142
143	$template->assign_vars(
144	array(
145	'L_YES'=>$lang['yes'],
146	'L_NO'=>$lang['no'],
147	'L_SUBMIT'=>$lang['submit'],
148	'L_RESET'=>$lang['reset'],
149
150	'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
151
152	'F_ACTION'=>$action
153	));
154
155	switch ($page['section'])
156	{
157	case 'general' :
158	{
159	$history_yes = ($conf['log']=='true')?'checked="checked"':'';
160	$history_no = ($conf['log']=='false')?'checked="checked"':'';
161	$lock_yes = ($conf['gallery_locked']=='true')?'checked="checked"':'';
162	$lock_no = ($conf['gallery_locked']=='false')?'checked="checked"':'';
163
164	$template->assign_block_vars(
165	'general',
166	array(
167	'HISTORY_YES'=>$history_yes,
168	'HISTORY_NO'=>$history_no,
169	'GALLERY_LOCKED_YES'=>$lock_yes,
170	'GALLERY_LOCKED_NO'=>$lock_no,
171	'CONF_GALLERY_TITLE' => $conf['gallery_title'],
172	'CONF_GALLERY_DESCRIPTION' => $conf['gallery_description'],
173	));
174	break;
175	}
176	case 'comments' :
177	{
178	$all_yes = ($conf['comments_forall']=='true')?'checked="checked"':'';
179	$all_no = ($conf['comments_forall']=='false')?'checked="checked"':'';
180	$validate_yes = ($conf['comments_validation']=='true')?'checked="checked"':'';
181	$validate_no = ($conf['comments_validation']=='false')?'checked="checked"':'';
182
183	$template->assign_block_vars(
184	'comments',
185	array(
186	'NB_COMMENTS_PAGE'=>$conf['nb_comment_page'],
187	'COMMENTS_ALL_YES'=>$all_yes,
188	'COMMENTS_ALL_NO'=>$all_no,
189	'VALIDATE_YES'=>$validate_yes,
190	'VALIDATE_NO'=>$validate_no
191	));
192	break;
193	}
194	case 'default' :
195	{
196	$show_yes = ($conf['show_nb_comments']=='true')?'checked="checked"':'';
197	$show_no = ($conf['show_nb_comments']=='false')?'checked="checked"':'';
198	$expand_yes = ($conf['auto_expand']=='true')?'checked="checked"':'';
199	$expand_no = ($conf['auto_expand']=='false')?'checked="checked"':'';
200
201	$template->assign_block_vars(
202	'default',
203	array(
204	'NB_IMAGE_LINE'=>$conf['nb_image_line'],
205	'NB_ROW_PAGE'=>$conf['nb_line_page'],
206	'CONF_RECENT'=>$conf['recent_period'],
207	'NB_COMMENTS_PAGE'=>$conf['nb_comment_page'],
208	'MAXWIDTH'=>$conf['default_maxwidth'],
209	'MAXHEIGHT'=>$conf['default_maxheight'],
210	'EXPAND_YES'=>$expand_yes,
211	'EXPAND_NO'=>$expand_no,
212	'SHOW_COMMENTS_YES'=>$show_yes,
213	'SHOW_COMMENTS_NO'=>$show_no
214	));
215
216	$blockname = 'default.language_option';
217
218	foreach (get_languages() as $language_code => $language_name)
219	{
220	if (isset($_POST['submit']))
221	{
222	$selected =
223	$_POST['default_language'] == $language_code
224	? 'selected="selected"' : '';
225	}
226	else if ($conf['default_language'] == $language_code)
227	{
228	$selected = 'selected="selected"';
229	}
230	else
231	{
232	$selected = '';
233	}
234
235	$template->assign_block_vars(
236	$blockname,
237	array(
238	'VALUE'=> $language_code,
239	'CONTENT' => $language_name,
240	'SELECTED' => $selected
241	));
242	}
243
244	$blockname = 'default.template_option';
245
246	foreach (get_templates() as $pwg_template)
247	{
248	if (isset($_POST['submit']))
249	{
250	$selected =
251	$_POST['default_template'] == $pwg_template
252	? 'selected="selected"' : '';
253	}
254	else if ($conf['default_template'] == $pwg_template)
255	{
256	$selected = 'selected="selected"';
257	}
258	else
259	{
260	$selected = '';
261	}
262
263	$template->assign_block_vars(
264	$blockname,
265	array(
266	'VALUE'=> $pwg_template,
267	'CONTENT' => $pwg_template,
268	'SELECTED' => $selected
269	)
270	);
271	}
272
273
274	break;
275	}
276	}
277	//----------------------------------------------------------- sending html code
278	$template->assign_var_from_handle('ADMIN_CONTENT', 'config');
279	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: